VMware Cloud Community
awesense
Contributor
Contributor

Additional TCP/IP stack ESXi7

I appears that I must add another TCP/IP stack so that I can route traffic from a different vmknic to a different gateway.

I must be going about this wrong.

The host has two interfaces.  One is on a private network, the other public.  I have  vmknic0 defined and attached to vSwitch0 on the private interface using the default tcp/ip stack with default gateway on the same network.  I'm able to create vmknic1 attached it to vSwitch1 on the public interface but how to add the appropriate routes?

I read that "Configurations with more than one vmknic interface on the same IP subnet not supported".   But is this my configuration?   I vmknics are on very different subnets.

The problem I'm looking to solve is how to allow for internet bound traffic to egress my host (for monitor pings, alert emails etc). I guess I could use vsphere (which I am also using).

Thanks for any insights.

Reply
0 Kudos
2 Replies
ZibiM
Enthusiast
Enthusiast

Hi

First of all the number of the TCP/IP stacks in vsphere is limited, and each of those have dedicated purpose (vmotion, provisioning, nsx)

2nd thing: have you tried to configure gateway on the vmkernel interface ?

In 6.7 U3 you can define gateway for the vmkernel at either tcp/ip stack or directly on the vmkernel interface

Reply
0 Kudos
peetz
Leadership
Leadership

Hello Greg and welcome to the forums!

I have a similar setup and did the following:

- Do *not* add a second TCP/IP stack, just use the default one

- set the default route to the gateway address of your public interface (vmk1)

- For traffic to/from your internal private network add a static route through the vmk0 interface (you need to do this via command line, see VMware Knowledge Base )

And please make sure that you do not allow any inbound traffic on the public management interface (either through the built-in ESXi firewall or some external firewall). You do not want to expose your host's management interface to the Internet!

- Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
Reply
0 Kudos